libipq: How to get PIDs for packets

Henrik Nordstrom hno at marasystems.com
Thu Nov 3 22:43:45 CET 2005


On Wed, 2 Nov 2005 Peter.Muller at gmx.at wrote:

> I'm using libipq to filter packets in userspace. Is there a way provided by
> the API of libipq to get the PID of the process the packet is going to or
> coming from?

No.

Isn't even an API within the kernel to tell this.. There is no mapping 
between packet and process within the kernel, the two concepts are too far 
apart. On locally generated packets you can get down to which socket the 
packet was sent on, but that is about it.

Once upon a time there was the "owners" match in iptables capable of 
matching on pid or even application name, but this capability has been 
removed from there as it was not really working. Only worked on 
Uni-processor boxes (no SMP) and only in very restricted conditions even 
then..

Regards
Henrik



More information about the netfilter mailing list